phpipam / phpipam

phpipam development repository
https://phpipam.net

Auto emails sending out user passwords #2245

Open julianhaines opened 6 years ago

julianhaines commented 6 years ago

Hi,

New user accounts and changes of password are being emailed out; passwords should not be sent via email.

Can this be changed, or an option added to turn it off?

Thanks Julian

jamescat commented 6 years ago

I had the same problem with not wanting passwords emailed out (particularly since our LAN-based IPAM installation has to send emails out to a cloud provider -- i.e. transfer across the Internet -- where our email inboxes are hosted).

While I had originally meant to code up something more robust after a while, with a feature change to make the passwords optional, I haven't gotten there yet. (And as it's been over a year for me -- wow, it's been that long already?!?! -- that doesn't bode well for it getting done. ;-)

However, this miniature patch worked for me to simply remove the appropriate lines from the section of code that does the email generation.

It's by no means a "nice, clean" patch, since all it does is basically force an existing "if" test to fail by testing against zero (0) first. But it works for me.

Of course, being done in a fairly hackish way such as this, it also works best if you are running your production environment from a git branch of your own. (I called our live branch oit, after our departmental name, and simply merge the master branch into it when I want to do updates.) Doing merges from master into another branch like that, instead of running directly from master, will keep you from potentially having your modified files overwritten or flagged as conflicts by updated pulls from the phpipam/master origin repository every time you want to get a new version.

phpipam-no-email-passwords.patch.txt

Naturally, someone still needs to code up a system security switch to disable sending these out this way. But (probably) the best thing to do would actually be to code up a full replacement feature... since with this turned off, the admin essentially has to both set and communicate the password to the users. -- For instance, a way to generate "password reset" links would be a good alternative feature. And yet, that's a bit more work than just making an on/off setting in the system configuration would be, obviously.

riversdev0 commented 2 months ago

It looks like there is a Notification checkbox to not send email to user. Does this solve your issue?


Can this issue be closed?

jamescat commented 2 months ago

I can't speak as to the opinion of the OP, but for me (as only a "plus 1" on this issue report) it isn't exactly good enough. There are other details in the notification message (e.g. server URL, username, assigned role) which are useful to send for informational purposes. However, the admin(s) should still have the option of excluding the plaintext password for security reasons, when sending any such notice.

OTOH, I won't take any firm stance (as a +1) on whether to close the issue or not. Because, even though I would generally take the view of treating this report as a security issue that should still be handled, I am no longer in charge of managing the instance of phpIPAM that I was when I made my earlier post (5.9 yrs ago). Thus, I am mostly doing so just as a matter of principle, because I do not believe passwords should ever be sent via email, nor via other insecure channels -- or at the least, not without an admin making an explicit choice to break security for convenience.
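As an added illustration of the two suggestions in this thread (an admin switch that keeps the plaintext password out of the notification, and a one-time reset link as the replacement), here is example PHP that is not phpIPAM's own code; the setting name `email_send_passwords`, the array keys and the reset URL path are assumptions:

```php
<?php
// Added example, not part of phpIPAM: notification mail without the
// plaintext password unless an admin explicitly enables it, plus a
// hashed one-time reset token to send instead. Key names are assumed.
declare(strict_types=1);

function build_user_notification(array $user, array $settings, string $resetUrl): string {
    // Assumed admin switch; absent or false means "never mail passwords".
    $sendPlaintext = !empty($settings['email_send_passwords']);
    $lines = [
        "Hello {$user['real_name']},",
        "An account was created for you on {$settings['site_title']} ({$settings['site_url']}).",
        "Username: {$user['username']}",
        "Role: {$user['role']}",
    ];
    if ($sendPlaintext) {
        $lines[] = "Password: {$user['password']}";   // only on explicit admin choice
    } else {
        $lines[] = "Set your password with this one-time link (valid for 24 hours):";
        $lines[] = $resetUrl;
    }
    return implode("\n", $lines);
}

// The raw token travels in the link; only its SHA-256 hash is stored,
// so a database read does not yield usable reset links.
function issue_reset_token(int $ttlSeconds = 86400): array {
    $raw = bin2hex(random_bytes(32));
    return [
        'raw'     => $raw,
        'hash'    => hash('sha256', $raw),
        'expires' => time() + $ttlSeconds,
    ];
}

function reset_token_is_valid(string $presented, array $stored): bool {
    // Constant-time comparison of hashes, plus expiry check.
    return time() < $stored['expires']
        && hash_equals($stored['hash'], hash('sha256', $presented));
}

// Constructed sample data for a stand-alone run.
$token    = issue_reset_token();
$user     = ['real_name' => 'Jane Doe', 'username' => 'jdoe', 'role' => 'User', 'password' => 'constructed-only'];
$settings = ['site_title' => 'phpIPAM', 'site_url' => 'https://ipam.example.org', 'email_send_passwords' => false];
$link     = $settings['site_url'] . '/reset/?token=' . $token['raw'];
echo build_user_notification($user, $settings, $link), "\n";
echo reset_token_is_valid($token['raw'], $token) ? "token valid\n" : "token invalid\n";
```

With the switch left off, the mail still carries the informational fields (server URL, username, role) mentioned above, while the credential itself is replaced by the expiring link.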